_bfd_mul_overflow

This patch removes the bfd_alloc2 series of memory allocation functions, replacing them with __builtin_mul_overflow followed by bfd_alloc. Why do that? Well, a followup patch will implement _bfd_alloc_and_read and I don't want to implement alloc2 variants as well. * coffcode.h (buy_and_read, coff_slurp_line_table), (coff_slurp_symbol_table, coff_slurp_reloc_table): Replace bfd_[z][m]alloc2 calls with _bfd_mul_overflow followed by the corresponding bfd_alloc call. Adjust variables to suit. * coffgen.c (_bfd_coff_get_external_symbols): Likewise. * ecoff.c (_bfd_ecoff_slurp_symbolic_info), (_bfd_ecoff_slurp_symbol_table, READ): Likewise. * elf.c (bfd_elf_get_elf_syms, setup_group, bfd_section_from_shdr), (swap_out_syms, _bfd_elf_slurp_version_tables): Likewise. * elf32-m32c.c (m32c_elf_relax_section): Likewise. * elf32-rl78.c (rl78_elf_relax_section): Likewise. * elf32-rx.c (elf32_rx_relax_section): Likewise. * elf64-alpha.c (READ): Likewise. * elfcode.h (elf_object_p, elf_write_relocs, elf_write_shdrs_and_ehdr), (elf_slurp_symbol_table, elf_slurp_reloc_table), (bfd_from_remote_memory): Likewise. * elfcore.h (core_find_build_id): Likewise. * elfxx-mips.c (READ): Likewise. * mach-o.c (bfd_mach_o_mangle_sections), (bfd_mach_o_read_symtab_symbols, bfd_mach_o_read_thread), (bfd_mach_o_read_dysymtab, bfd_mach_o_flatten_sections), (bfd_mach_o_scan, bfd_mach_o_fat_archive_p): Likewise. * som.c (setup_sections, som_prep_for_fixups) (som_build_and_write_symbol_table, som_slurp_symbol_table), (som_slurp_reloc_table, som_bfd_count_ar_symbols), (som_bfd_fill_in_ar_symbols, som_slurp_armap), (som_bfd_ar_write_symbol_stuff): Likewise. * vms-alpha.c (vector_grow1): Likewise. * vms-lib.c (vms_add_index): Likewise. * wasm-module.c (wasm_scan_name_function_section): Likewise. * libbfd.c (bfd_malloc2, bfd_realloc2, bfd_zmalloc2): Delete. * opncls.c (bfd_alloc2, bfd_zalloc2): Delete. * libbfd-in.h (bfd_malloc2, bfd_realloc2, bfd_zmalloc2), (bfd_alloc2, bfd_zalloc2): Delete. (_bfd_mul_overflow): Define. * libbfd.h: Regenerate.
author: Alan Modra <amodra@gmail.com> 2020-02-19 13:15:06 +1030
committer: Alan Modra <amodra@gmail.com> 2020-02-19 13:15:06 +1030
commit: 1f4361a77b18c5ab32baf2f30fefe5e301e017be (patch)
tree: 60d1db1d413b74073da9d11322b8d2d971106d30 /bfd/coffcode.h
parent: 446f7ed5abfd2d0bed8c4442d0634b1a8bc116f4 (diff)
download: gdb-1f4361a77b18c5ab32baf2f30fefe5e301e017be.zip
gdb-1f4361a77b18c5ab32baf2f30fefe5e301e017be.tar.gz
gdb-1f4361a77b18c5ab32baf2f30fefe5e301e017be.tar.bz2
1 files changed, 50 insertions, 20 deletions
diff --git a/bfd/coffcode.h b/bfd/coffcode.h
index 3311b9f..551105d 100644
--- a/bfd/coffcode.h
+++ b/bfd/coffcode.h
@@ -4200,13 +4200,19 @@ static void *
 buy_and_read (bfd *abfd, file_ptr where,
 	      bfd_size_type nmemb, bfd_size_type size)
 {
-  void *area = bfd_alloc2 (abfd, nmemb, size);
+  void *area;
+  size_t amt;
 
+  if (_bfd_mul_overflow (nmemb, size, &amt))
+    {
+      bfd_set_error (bfd_error_file_too_big);
+      return NULL;
+    }
+  area = bfd_alloc (abfd, amt);
   if (!area)
     return NULL;
-  size *= nmemb;
   if (bfd_seek (abfd, where, SEEK_SET) != 0
-      || bfd_bread (area, size, abfd) != size)
+      || bfd_bread (area, amt, abfd) != amt)
     return NULL;
   return area;
 }
@@ -4265,6 +4271,7 @@ coff_slurp_line_table (bfd *abfd, asection *asect)
   LINENO *src;
   bfd_boolean have_func;
   bfd_boolean ret = TRUE;
+  size_t amt;
 
   if (asect->lineno_count == 0)
     return TRUE;
@@ -4279,9 +4286,12 @@ coff_slurp_line_table (bfd *abfd, asection *asect)
       return FALSE;
     }
 
-  lineno_cache = (alent *) bfd_alloc2 (abfd,
-				       (bfd_size_type) asect->lineno_count + 1,
-				       sizeof (alent));
+  if (_bfd_mul_overflow (asect->lineno_count + 1, sizeof (alent), &amt))
+    {
+      bfd_set_error (bfd_error_file_too_big);
+      return FALSE;
+    }
+  lineno_cache = (alent *) bfd_alloc (abfd, amt);
   if (lineno_cache == NULL)
     return FALSE;
 
@@ -4395,8 +4405,12 @@ coff_slurp_line_table (bfd *abfd, asection *asect)
       alent *n_lineno_cache;
 
       /* Create a table of functions.  */
-      func_table = (alent **) bfd_alloc2 (abfd, nbr_func, sizeof (alent *));
-      if (func_table != NULL)
+      if (_bfd_mul_overflow (nbr_func, sizeof (alent *), &amt))
+	{
+	  bfd_set_error (bfd_error_file_too_big);
+	  ret = FALSE;
+	}
+      else if ((func_table = (alent **) bfd_alloc (abfd, amt)) != NULL)
 	{
 	  alent **p = func_table;
 	  unsigned int i;
@@ -4411,9 +4425,12 @@ coff_slurp_line_table (bfd *abfd, asection *asect)
 	  qsort (func_table, nbr_func, sizeof (alent *), coff_sort_func_alent);
 
 	  /* Create the new sorted table.  */
-	  n_lineno_cache = (alent *) bfd_alloc2 (abfd, asect->lineno_count,
-						 sizeof (alent));
-	  if (n_lineno_cache != NULL)
+	  if (_bfd_mul_overflow (asect->lineno_count, sizeof (alent), &amt))
+	    {
+	      bfd_set_error (bfd_error_file_too_big);
+	      ret = FALSE;
+	    }
+	  else if ((n_lineno_cache = (alent *) bfd_alloc (abfd, amt)) != NULL)
 	    {
 	      alent *n_cache_ptr = n_lineno_cache;
 
@@ -4459,6 +4476,7 @@ coff_slurp_symbol_table (bfd * abfd)
   unsigned int *table_ptr;
   unsigned int number_of_symbols = 0;
   bfd_boolean ret = TRUE;
+  size_t amt;
 
   if (obj_symbols (abfd))
     return TRUE;
@@ -4468,15 +4486,23 @@ coff_slurp_symbol_table (bfd * abfd)
     return FALSE;
 
   /* Allocate enough room for all the symbols in cached form.  */
-  cached_area = (coff_symbol_type *) bfd_alloc2 (abfd,
-						 obj_raw_syment_count (abfd),
-						 sizeof (coff_symbol_type));
+  if (_bfd_mul_overflow (obj_raw_syment_count (abfd),
+			 sizeof (*cached_area), &amt))
+    {
+      bfd_set_error (bfd_error_file_too_big);
+      return FALSE;
+    }
+  cached_area = (coff_symbol_type *) bfd_alloc (abfd, amt);
   if (cached_area == NULL)
     return FALSE;
 
-  table_ptr = (unsigned int *) bfd_zalloc2 (abfd, obj_raw_syment_count (abfd),
-					    sizeof (unsigned int));
-
+  if (_bfd_mul_overflow (obj_raw_syment_count (abfd),
+			 sizeof (*table_ptr), &amt))
+    {
+      bfd_set_error (bfd_error_file_too_big);
+      return FALSE;
+    }
+  table_ptr = (unsigned int *) bfd_zalloc (abfd, amt);
   if (table_ptr == NULL)
     return FALSE;
   else
@@ -4963,6 +4989,7 @@ coff_slurp_reloc_table (bfd * abfd, sec_ptr asect, asymbol ** symbols)
   arelent *reloc_cache;
   arelent *cache_ptr;
   unsigned int idx;
+  size_t amt;
 
   if (asect->relocation)
     return TRUE;
@@ -4976,9 +5003,12 @@ coff_slurp_reloc_table (bfd * abfd, sec_ptr asect, asymbol ** symbols)
   native_relocs = (RELOC *) buy_and_read (abfd, asect->rel_filepos,
 					  asect->reloc_count,
 					  bfd_coff_relsz (abfd));
-  reloc_cache = (arelent *) bfd_alloc2 (abfd, asect->reloc_count,
-					sizeof (arelent));
-
+  if (_bfd_mul_overflow (asect->reloc_count, sizeof (arelent), &amt))
+    {
+      bfd_set_error (bfd_error_file_too_big);
+      return FALSE;
+    }
+  reloc_cache = (arelent *) bfd_alloc (abfd, amt);
   if (reloc_cache == NULL || native_relocs == NULL)
     return FALSE;
author	Alan Modra <amodra@gmail.com>	2020-02-19 13:15:06 +1030
committer	Alan Modra <amodra@gmail.com>	2020-02-19 13:15:06 +1030
commit	1f4361a77b18c5ab32baf2f30fefe5e301e017be (patch)
tree	60d1db1d413b74073da9d11322b8d2d971106d30 /bfd/coffcode.h
parent	446f7ed5abfd2d0bed8c4442d0634b1a8bc116f4 (diff)
download	gdb-1f4361a77b18c5ab32baf2f30fefe5e301e017be.zip gdb-1f4361a77b18c5ab32baf2f30fefe5e301e017be.tar.gz gdb-1f4361a77b18c5ab32baf2f30fefe5e301e017be.tar.bz2